Can you tell GeoIP blocking to drop the country instead of rejecting the country?

Hey everyone,
I was looking around to do some geoblocking, and I noticed that by default GeoIP blocking will reject the connection instead of dropping it. Is there a way to do it (dropping the connection) through the GeoIP blocking tab, or is it only possible through a rule set, like in this thread: https://community.ipfire.org/t/manually-set-geoip-blocking-firewall-rule/2459

Best Regards

Neopegasus

According to the source code, the default GeoIP will already use the DROP target.

See
https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=config/firewall/rules.pl;h=387a8f92ba232dccf6308ae56badc5717a086ff5;hb=96253783d49c51e953e8d10fb24b2486226ed75e
line 627

Thanks Arne.F,
I ask that because in the wiki they quote:

After having finished that, scroll down at the end of the page and click “Save”. After that, any connections from those countries will be rejected instantly, even before passing some other firewall rules, e.g. port forwarding, which might allow them.

This info I got from: https://wiki.ipfire.org/configuration/firewall/geoip-block

After this information I was wondering why it rejects instead of dropping the connection.

Thanks for the Help Arne.

Arne is correct. We want to DROP here, because there is no reason to even send an ICMP error message to the peer.

Please update the documentation to make it clear :)

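Whether the loaded country rules drop or reject can also be read from the ruleset itself. The following is an added example, not part of the thread and not IPFire's code: it classifies the target of each country rule in `iptables-save` output, assuming the rules use the xtables-addons `geoip` match; the chain name, country codes and sample ruleset are constructed.

```shell
#!/bin/sh
# Classify the target of every rule that matches on country ("-m geoip")
# in iptables-save output read from stdin.
# Prints one line per rule: "<chain> <countries> <target> <verdict>".
audit_geoip_targets() {
    awk '
    $1 == "-A" {
        chain = $2; cc = ""; target = ""; geoip = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-m" && $(i+1) == "geoip") geoip = 1
            if ($i == "--src-cc" || $i == "--source-country") cc = $(i+1)
            if ($i == "-j") target = $(i+1)
        }
        if (!geoip) next
        # DROP sends nothing back; REJECT answers with an ICMP error or TCP RST.
        if (target == "DROP") verdict = "silent"
        else if (target == "REJECT") verdict = "replies-to-peer"
        else verdict = "check-target-chain"
        print chain, cc, target, verdict
    }'
}

# Return 0 only if no country rule on stdin answers the peer.
geoip_is_silent() {
    ! audit_geoip_targets | grep -q 'replies-to-peer$'
}

# Constructed sample ruleset (assumption): EXAMPLE_GEO and the country
# codes XX, YY, ZZ are placeholders, not taken from an IPFire system.
SAMPLE='*filter
:INPUT DROP [0:0]
:EXAMPLE_GEO - [0:0]
-A INPUT -j EXAMPLE_GEO
-A EXAMPLE_GEO -m geoip --src-cc XX -j DROP
-A EXAMPLE_GEO -m geoip --src-cc YY,ZZ -j REJECT --reject-with icmp-port-unreachable
COMMIT'

printf '%s\n' "$SAMPLE" | audit_geoip_targets
```

On a live firewall, pipe the output of `iptables-save` (run as root) into `audit_geoip_targets` instead of the sample.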